Date: Thu, 15 Sep 2016 12:57:16 -0400 (EDT)
From: cve-assign@...re.org
To: kaplanlior@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@....net
Subject: Re: CVE assignment for PHP 5.6.26 and 7.0.11

> bug #73052 (Memory Corruption in During Deserialized-object Destruction).
> https://bugs.php.net/bug.php?id=73052
> https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1

Use CVE-2016-7411.


> bug #72293 (Heap overflow in mysqlnd related to BIT fields).
> https://bugs.php.net/bug.php?id=72293
> https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1

Use CVE-2016-7412.


> bug #72860 (wddx_deserialize use-after-free).
> https://bugs.php.net/bug.php?id=72860
> https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1

Use CVE-2016-7413.


> bug #72928 (Out of bound when verify signature of zip phar in
> phar_parse_zipfile).
> https://bugs.php.net/bug.php?id=72928
> https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1

Use CVE-2016-7414.


> bug #73007 (add locale length check).
> https://bugs.php.net/bug.php?id=73007
> https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1

The related upstream code can be found in the
http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp
file.

What we will do for now is assign one CVE ID for the "ICU for C/C++"
product and a separate CVE ID for PHP. In other words, the bug #73007
discoverer has indicated that it is a bug in that ICU product.
However, it is a bug at a different level within the PHP distribution,
because 6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b implies that PHP is
intended to operate safely even with an unpatched copy of the ICU
library.

Use CVE-2016-7415 for ICU for C/C++.

Use CVE-2016-7416 for PHP.

(If there happens to be further information indicating that locid.cpp
was supposed to behave as originally written, then we can reject
CVE-2016-7415.)


> bug #73029 (Missing type check when unserializing SplArray).
> https://bugs.php.net/bug.php?id=73029
> https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1

Use CVE-2016-7417.


> bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
> https://bugs.php.net/bug.php?id=73065
> https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1

Use CVE-2016-7418. The scope of this CVE also includes all of the
"other four similar issues" in the "[2016-09-12 06:44 UTC]" comment.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]